DETAILED ACTION

1. Claims 1-27 are pending in this application and presented for examination.

Objections 
Abstract 

1. Applicant is reminded of the proper language and format for an abstract of the disclosure.

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

2. The abstract of the disclosure is objected to because the abstract merely repeats the title 
and does not adequately describe the disclosure. Correction is required. See MPEP § 608.01(b). 

Claim Objections 

3. Claim 16 is objected to because of the following informalities: "the call gate selector," 
"the entry point," and "the global descriptor table" lack antecedent basis. To further prosecution, 
the examiner considered this claim as depending from claim 15, which provides antecedent basis 
for each of the terms. Appropriate correction is required. 

Claim Rejections - 35 USC § 102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language.

5. Claims 1, 2, 10, 11, 19, and 20 are rejected under 35 U.S.C. 102(e) as being anticipated
by Warwick et al., U.S. Patent No. 6,598,169 B1, (hereinafter "Warwick").

6. Regarding claim 1: Warwick discloses a system for performing kernel-mode operations 
(col. 2 lines 30-31) comprising: 

a kernel-mode interface generator (Figure 2 and col. 5 lines 31-34, and 41-47) for 
generating a kernel-mode interface driver (col. 5 line 51), which in turn generates a call gate (col. 
5 line 49), to perform a kernel-mode operation with kernel-mode authorization (col. 5 line 47) in 
a kernel mode; and 

an authorization interface (Figure 2 and col. 5 line 43), coupled to the kernel-mode 
interface generator (Figure 2 and col. 5 line 45), to connect a user mode to kernel mode (col. 5 
lines 49-50), switching a process (col. 5 lines 55-56), from user mode to kernel mode via the call 
gate (col. 5 line 49), to perform the kernel-mode operation (col. 5 line 58). 

7. Regarding claim 10: Warwick discloses a method for performing kernel-mode operations 
(col. 2 lines 42-45) comprising steps of: 

providing a kernel-mode generator (Figure 2 and col. 5 lines 31-34, and 41-47); 

generating a kernel-mode interface (col. 5 line 51), using the kernel-mode generator to
generate a call gate (col. 5 line 49), performing a kernel-mode operation with kernel-mode 
authorization in a kernel mode (col. 5 line 47); 

providing an authorization interface (Figure 2 and col. 5 line 43), to connect a user mode 
to the kernel mode (col. 5 lines 49-50); and 

switching a process (col. 5 lines 55-56), from the user mode to the kernel mode via the 
call gate (col. 5 line 49), through the authorization interface (Figure 2 and col. 5 line 43) to 
perform the kernel-mode operation with kernel-mode authorization (col. 5 line 58). 

8. Regarding claim 19: Warwick discloses a storage medium for storing a computer
program (claim 1) providing a method for performing kernel-mode operations (col. 2 lines 42-45),
comprising using a computer to perform the steps of:

providing a kernel-mode generator (Figure 2 and col. 5 lines 31-34, and 41-47); 

generating a kernel-mode interface (col. 5 line 51), using the kernel-mode generator to
generate a call gate (col. 5 line 49), performing a kernel-mode operation with kernel-mode 
authorization in a kernel mode (col. 5 line 47); 

providing an authorization interface (Figure 2 and col. 5 line 43), to connect a user mode 
to the kernel mode (col. 5 lines 49-50); and 

switching a process (col. 5 lines 55-56), from the user mode to the kernel mode via the 
call gate (col. 5 line 49), through the authorization interface (Figure 2 and col. 5 line 43) to 
perform the kernel-mode operation with kernel-mode authorization (col. 5 line 58). 

9. Regarding claims 2, 11, and 20: Warwick discloses that the authorization interface 
(Figure 2 and col. 5 line 43), sends a call gate request (col. 5 line 49), to the kernel-mode 
interface generator (Figure 2 and col. 5 lines 31-34, and 41-47), to generate the kernel-mode
interface driver (col. 5 line 51), the call gate generated accordingly (col. 5 line 49), and the 
authorization interface (Figure 2 and col. 5 line 43), instructing (col. 5 lines 55-56), the process 
to enter the kernel mode through the call gate (col. 5 line 49). 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

11. Claims 3-9, 12-18, and 21-27 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Warwick in view of Gao et al., "Embedded microprocessor protection mode of
high-privilege system call," Chinese Journal of Computers, 2000, v. 23 n. 3, pp. 318-323,
(hereinafter "Gao").

12. Regarding claims 3, 12, and 21: Warwick discloses that the kernel-mode operation's 
authorization level is in the kernel mode (col. 5 line 47). 

Warwick does not disclose that the kernel mode is Ring 0. Gao teaches that the kernel 
mode is Ring 0 (paragraph 2.1). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of the
invention to modify the kernel mode disclosed by Warwick with the ring label taught by Gao in 
order to signify that operations taking place therein are occurring at the most privileged level. 

13. Regarding claims 4, 13, and 22: Warwick discloses a process, a user-mode operation 
(col. 5 lines 55-56). Warwick does not disclose that the process is capable of user-mode 
authorization in a protected mode. 

Gao teaches that a process is capable of user-mode authorization in a protected mode 
(paragraph 1). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the process disclosed by Warwick with protected mode taught by Gao in 
order to create a more secure implementation of a user level process. 

14. Regarding claims 5, 14, and 23: Warwick does not disclose that the user-mode 
authorization is Ring 3 authorization level in the protected mode. 

Gao teaches that the user-mode authorization is Ring 3 authorization level in the 
protected mode (paragraph 2.2). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the user mode disclosed by Warwick with the ring label taught by Gao in 
order to signify that operations taking place therein are occurring at the least privileged level. 

15. Regarding claims 6, 15, and 24: Warwick does not disclose that the call gate sets a call
gate selector and an entry point in a global descriptor table, having a call gate descriptor and a 
code-segment descriptor, to enable the process to perform the operation with kernel-mode 
authorization in the kernel mode. 

Gao teaches that the call gate (abstract and paragraph 2.3), sets a call gate selector 
(paragraph 2.3), and an entry point (paragraph 2.3), in a global descriptor table (paragraph 2.2), 
having a call gate descriptor (Figure 3), and a code-segment descriptor (Figure 3), to enable the 
process to perform the operation with kernel-mode authorization in the kernel mode. 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system disclosed by Warwick with the system employing call gates 
taught by Gao in order to implement a secure interface between user and kernel modes. 

16. Regarding claims 7, 16, and 25: Warwick does not disclose that the user-mode 
authorization of the process is switched to kernel-mode authorization by the call gate selector via 
the entry point in the global descriptor table, and is switched back after the operation with 
kernel-mode authorization has been performed. 

Gao teaches that the user-mode authorization of the process is switched to kernel-mode 
authorization (paragraph 2.4), by the call gate selector (paragraph 2.3), via the entry point 
(paragraph 2.3), in the global descriptor table (paragraph 2.2), and is switched back after the 
operation with kernel-mode authorization has been performed (paragraph 2.4). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the
invention to modify the system disclosed by Warwick with the system taught by Gao in order to 
implement a secure interface between user and kernel modes. 

17. Regarding claims 8, 17, and 26: Warwick does not disclose that a far call stated by the 
call gate selector points to the call gate descriptor, and a CPU switches an instruction pointer to 
the entry point, when a caller from the call gate gives a call, if the caller has kernel-mode 
authorization. 

Gao teaches that a far call stated by the call gate selector (paragraph 2.3), points to the 
call gate descriptor (Figure 3), and a CPU switches an instruction pointer to the entry point 
(paragraph 2.3), when a caller from the call gate gives a call, if the caller has kernel-mode 
authorization (paragraph 2.4). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system disclosed by Warwick with the system taught by Gao in order to 
implement a secure interface between user and kernel modes. 

18. Regarding claims 9, 18, and 27: Warwick does not disclose that the instruction pointer 
has kernel-mode authorization, is switched to the entry point, to perform the operation with 
kernel-mode authorization in the kernel mode, and is switched back to the user-mode 
authorization after the operation with kernel-mode authorization has been performed. 

Gao teaches that the instruction pointer (paragraph 2.3), has kernel-mode authorization 
(paragraph 2.4), is switched to the entry point (paragraph 2.3), to perform the operation with 
kernel-mode authorization in the kernel mode, and is switched back to the user-mode
authorization after the operation with kernel-mode authorization has been performed (paragraph 
2.4). 

Conclusion 

19. The prior art made of record and not relied upon that is considered pertinent to applicant's
disclosure is:

• Bonola, U.S. Patent No. 6,412,053 B2, regarding linearly scalable dynamic memory 
management in a multiprocessing system. 

• Bonola, U.S. Patent No. 6,480,919 B2, regarding kernel exported entry points. 

• Cutler et al., U.S. Patent No. 5,752,031, regarding a queue object for controlling 
concurrency in a computer system. 

• Friedman et al., U.S. Patent No. 6,804,784 B1, regarding back-channeling in a memory
vault system. 

• Gbadegesin, U.S. Patent No. 6,779,035 B1, regarding an application programming
interface. 

• Hsu, U.S. Patent No. 5,584,023, regarding a transparent and secure file transform 
mechanism. 

• Lacombe et al., U.S. Patent No. 7,003,775 B2, regarding a hardware implementation of 
an application-level watchdog timer. 

• Wong et al., U.S. Patent Publication No. 2002/0152331 A1, regarding a user mode device
driver interface. 

• Yates, Jr. et al., U.S. Patent No. 7,065,633 B1, regarding a system for delivering
exceptions between architectures in dual architecture CPUs. 

• Cheriton, et al., "A Caching Model of Operating System Kernel Functionality," 
Proceedings of the First Symposium on Operating Systems Design and Implementation, 
Usenix Association, November 1994. 

Please direct any inquiry concerning this communication or earlier communications from 
the examiner to Bea Koempel-Thomas whose telephone number is 571-270-1252. The examiner 
can normally be reached on Monday - Thursday & alternate Fridays; 0730 - 1700. 

If attempts to reach the examiner by telephone are unsuccessful, please contact the 
examiner's supervisor, Nabil El-Hady, on 571-272-3963. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





